Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of Claims: 

1. (Currently Amended) A security system for secure printing of value-bearing items 
in a wide area computer network comprising: 

a plurality of user terminals coupled to the computer network; 

a database including information about one or more users using the plurality of terminals; 

a plurality of cryptographic devices remote from the plurality of user terminals and 
coupled to the computer network, wherein the cryptographic devices include a computer 
executable code for authenticating one or more users, wherein each of the plurality of 
cryptographic devices is programmable to service any of the plurality of user terminals, and
wherein each cryptographic device is not dedicated to particular user terminals; and

a plurality of security device transaction data stored in the database for ensuring 
authenticity of the one or more users, wherein each security device transaction data is related to a
user, wherein any respective cryptographic device authenticates the identity of each user and
authenticates the user for a role, the role limiting the user to a subset of operations performed by 
the system. 

2. (Original) The system of claim 1, wherein the security device transaction data 
related to a user is loaded into the cryptographic device when the user requests to operate on a 
value bearing item.

3. (Cancelled) 

4. (Previously Presented) The system of claim 1, wherein the assumed role is a 
security officer role to initiate a key management function.

5. (Previously Presented) The system of claim 1, wherein the assumed role is a key
custodian role to take possession of shares of keys. 

6. (Previously Presented) The system of claim 1, wherein the assumed role is an 
administrator role to manage a user access control database. 

7. (Previously Presented) The system of claim 1, wherein the assumed role is an 
auditor role to manage audit logs.

8. (Previously Presented) The system of claim 1, wherein the assumed role is a 
provider role to withdraw from a user account. 

9. (Previously Presented) The system of claim 1, wherein the assumed role is a user 
role to operate on a VBI.

10. (Previously Presented) The system of claim 1, wherein the assumed role is a 
certificate authority role to allow a public key certificate to be loaded and verified.

11. (Previously Presented) The system of claim 1, wherein the cryptographic device 
includes a state machine for determining a state corresponding to availability of one or more 
commands in conjunction with the role. 

12. (Original) The system of claim 1, wherein the cryptographic device includes a 
data validation subsystem and an auto-recovery subsystem for allowing the device to verify that 
data is up to date and to automatically re-synchronize the device with the data. 

13. (Original) The system of claim 1, wherein the cryptographic device is stateless.

14. (Original) The system of claim 1, wherein the cryptographic device includes a 
computer executable code for preventing unauthorized modification of data. 






CHRISTIE, PARKER & HALE






Appln No. 09/690,066 

Amdt date July 21, 2006

Reply to Office action of May 18, 2006 

15. (Original) The system of claim 14, wherein the computer executable code 
prevents the unauthorized modification, substitution, insertion, and deletion of related data and 
cryptographically critical security parameters. 

16. (Original) The system of claim 1, wherein the cryptographic device includes a 
computer executable code for preventing unauthorized disclosure of data. 

17. (Original) The system of claim 16, wherein the data includes non-public contents 
of a postage meter, including plaintext cryptographic keys and other critical security parameters. 

18. (Original) The system of claim 1, wherein the cryptographic device includes a 
computer executable code for ensuring the proper operation of cryptographic security and VBI 
related meter functions. 

19. (Original) The system of claim 1, wherein the cryptographic device includes a 
computer executable code for detecting errors and preventing a compromise of the transaction 
data or critical cryptographic security parameters as a result of the errors. 

20. (Original) The system of claim 1, wherein at least one of the users is an enterprise 
account. 

21. (Previously Presented) The system of claim 1, wherein the cryptographic device 
includes a computer executable code for supporting multiple concurrent users and maintaining a 
separation of roles and operations performed by each user. 

22. (Original) The system of claim 1, wherein the cryptographic device stores 
information about a number of last transactions in a respective internal register. 

23. (Original) The system of claim 22, wherein the database stores a table including 
the respective information about a last transaction, a verification module to compare the 
information saved in the device with the information saved in the database.

24. (Original) The system of claim 1, wherein the database includes data for creating
one or more indicium, account maintenance, and revenue protection. 

25. (Original) The system of claim 24, wherein the data includes virtual meter 
information. 

26. (Original) The system of claim 24, wherein the data includes ascending and 
descending registers data. 

27. (Original) The system of claim 1, wherein the value bearing item is a mail piece. 

28. (Original) The system of claim 27, wherein the mail piece includes a digital 
signature. 

29. (Original) The system of claim 1, wherein the cryptographic device encrypts
validation information according to a user request for printing a VBI.

30. (Original) The system of claim 27, wherein the cryptographic device generates 
data sufficient to print a postal indicium in compliance with postal service regulation on the mail 
piece. 

31. (Original) The system of claim 1, wherein the value bearing item is a ticket.

32. (Original) The system of claim 1, wherein a bar code is printed on the value
bearing item. 

33. (Original) The system of claim 1, wherein the value bearing item is a coupon.

34. (Original) The system of claim 1, wherein the value bearing item is currency. 

35. (Original) The system of claim 1, wherein the value bearing item is a voucher.

36. (Original) The system of claim 1, wherein the value bearing item is a traveler's check.

37. (Original) The system of claim 1, wherein each security device transaction data 
includes one or more of an ascending register value, a descending register value, a respective 
cryptographic device ID, an indicium key certificate serial number, a licensing ZIP code, a key 
token for an indicium signing key, user secrets, a key for encrypting user secrets, date and time
of last transaction, last challenge received from a respective client subsystem, an operational
state of the respective device, expiration dates for keys, and a passphrase repetition list.

38. (Original) The system of claim 1, wherein each security device transaction data 
includes one or more of a private key, a public key, and a public key certificate, wherein the 
private key is used to sign device status responses and a VBI which, in conjunction with a public 
key certificate, demonstrates that the device and the VBI are authentic. 

39. (Original) The system of claim 1 further comprising at least one more 
cryptographic device remote from the plurality of user terminals coupled to the computer 
network, wherein the at least one more cryptographic device includes a computer executable 
code for authenticating any of the plurality of users. 

40. (Original) The system of claim 39, wherein the cryptographic device shares a 
secret with the at least one more cryptographic device. 

41. (Original) The system of claim 39, wherein one of the plurality of cryptographic 
devices is a master device and generates a master key set (MKS). 

42. (Original) The system of claim 41, wherein the MKS includes a Master 
Encryption Key (MEK) used to encrypt keys when stored outside the device.

43. (Original) The system of claim 42, wherein the MKS further includes a Master
Authentication Key (MAK) used to compute a DES MAC for signing keys when stored outside 
of the device. 

44. (Original) The system of claim 41, wherein the MKS is exported to other 
cryptographic devices by any cryptographic device. 

45. (Original) The system of claim 1, wherein the database includes a user profile for 
a subset of the plurality of users. 

46. (Original) The system of claim 45, wherein the user profile includes username, 
user role, password, logon failure count, logon failure limit, logon time-out limit, account 
expiration, password expiration, and password period. 

47. (Original) The system of claim 11, wherein the state machine includes one or 
more of an uninitialized state, an initialized state, an operational state, an administrative state, an
exporting shares state, an importing shares state, and an error state. 

48. (Original) The system of claim 47, wherein the command corresponding to the 
operational state comprises commands for one or more of access control, session management,
key management, and audit support.

49. (Original) The system of claim 1, wherein the cryptographic device is capable of 
performing one or more of Rivest, Shamir and Adleman (RSA) public key encryption, DES, 
Triple-DES, DSA signature, SHA-1, and Pseudo-random number generation algorithms. 

50.-91. (Cancelled)

92. (Currently Amended) A system for secure processing of value-bearing items 
(VBIs) in a computer network comprising: 

a plurality of user terminals coupled to the computer network;

a database coupled to the network and remote from the plurality of user terminals for
storing information about one or more users using the plurality of terminals; and

a server system coupled to the network including a plurality of cryptographic devices for 
performing secure VBI functions utilizing the information stored in the database, each of the 
plurality of cryptographic devices processes data for any of the user terminals, wherein each
cryptographic device is not dedicated to particular user terminals; 

wherein a respective cryptographic device authenticates the identity of a user and restricts 
services to the user based on stored information in the database. 

93. (Original) The system of claim 92, wherein at least one of the users is an 
enterprise account. 

94. (Original) The system of claim 92, further comprising a plurality of security 
device transaction data stored in the database for ensuring authenticity and authority of each of 
the plurality of users, wherein each transaction data is related to one of the plurality of users and 
the security device transaction data related to a user is loaded into the cryptographic device when 
the user requests a VBI function. 

95. (Cancelled) 

96. (Previously Presented) The system of claim 92, wherein the assumed role is an 
administrator role to manage a user access control database. 

97. (Previously Presented) The system of claim 92, wherein the assumed role is a 
provider role to authorize increasing credit for a user account.

98. (Previously Presented) The system of claim 92, wherein the assumed role is a user 
role to perform expected IBIP postal meter operations.

99. (Original) The system of claim 92, wherein the cryptographic device stores 
information about a number of last transactions in a respective internal register, the database
stores a table including the respective information about a last transaction, a verification module 
to compare the information saved in the device with the information saved in the table. 

100. (Original) The system of claim 92, wherein the database includes data for creating 
indicium, account maintenance, and revenue protection. 

101. (Original) The system of claim 92, wherein the value bearing item is a mail piece.

102. (Original) The system of claim 92, wherein the mail piece includes a digital 
signature. 

103. (Original) The system of claim 92, wherein the mail piece includes a postage 
amount.

104. (Original) The system of claim 92, wherein the mail piece includes an ascending 
register of used postage and descending register of available postage. 

105. (Original) The system of claim 92, wherein the value bearing item is a ticket. 

106. (Original) The system of claim 92, wherein the value bearing item includes a bar code.

107. (Original) The system of claim 92, wherein the value bearing item is a coupon. 

108. (Original) The system of claim 92, wherein the value bearing item is currency. 

109. (Original) The system of claim 92, wherein the value bearing item is a voucher. 

110. (Original) The system of claim 92, wherein the value bearing item is a traveler's check.

111. (Original) The system of claim 92, wherein each security device transaction data 
includes an ascending register value, a descending register value, a respective cryptographic 
device ID, an indicium key certificate serial number, a licensing ZIP code, a key token for an
indicium signing key, user secrets, a key for encrypting user secrets, date and time of last
transaction, last challenge received from a respective client subsystem, an operational state of the 
respective device, expiration dates for keys, and a passphrase repetition list. 

112. (Original) The system of claim 92, wherein each security device transaction data 
includes a private key, a public key, and a public key certificate, wherein the private key is used 
to sign device status responses and a VBI which, in conjunction with a public key certificate, 
demonstrates that the device and the VBI are authentic. 

113. (Currently Amended) The system of claim 92, wherein the each cryptographic 
device is capable of performing one or more of Rivest, Shamir and Adleman (RSA) public key 
encryption, DES, Triple-DES, DSA signature, SHA-1, and Pseudo-random number generation
algorithms. 

114. (Currently Amended) The system of claim 92, wherein the each cryptographic 
device protects data using a stored secret. 

115. (Original) The system of claim 114, wherein the secret is a password.

116. (Original) The system of claim 114, wherein the secret is a public/private key pair.

117. -161. (Cancelled) 